Claude Cowork for accounting firms: secure books, close, and tax work for Canadian CPAs

Tags: N/A

Download PDF (141 KB)
PDF version, print or share with your team.

Trusted byToronto law firmsHamilton manufacturersVancouver clinicsGTA accounting firmsOntario non-profitsBritish Columbia professional services

Accountants are asking whether Claude Cowork can touch client books without putting confidential financial data at risk. According to Statistics Canada, finance and insurance firms already use AI at 30.6%, and professional services lead at 31.7%, so staff at most practices are testing these tools. The duty to keep client information confidential stays with the firm.

Mike Pearlstein, CISSP, MSc AI, founder of Fusion Computing, which has secured IT for Canadian accounting and finance firms across Toronto, Hamilton, and Metro Vancouver since 2012.

Key takeaways

Book a Consultation

  • An accounting firm can use Claude Cowork on a Team or Enterprise plan with access scoped to one client folder and a written policy.
  • Cowork connects to QuickBooks, so reconciliation and month-end prep are a strong fit. Scope it to one client, not the whole drive.
  • Cowork stores its work locally, so it sits outside your audit logs. For CPA file documentation and CRA audits, you build that record yourself.
  • A CPA signs off on anything filed. Never put client tax data on a personal account.

Can accounting firms use Claude Cowork with client financial data?

Yes, an accounting firm can use Claude Cowork on a Team or Enterprise plan, with access scoped to one client’s working folder and a written usage policy. According to the CPA Code of Professional Conduct and PIPEDA, confidentiality binds the firm, not the software. On the business plans, your content is not used to train Anthropic’s models by default, which is why client books belong there and never on a personal account.

Quick self-checkHow AI-ready is your business, really?

Score your AI readiness across data, use cases, governance, people and ROI in about 2 minutes, with your ranked gaps and a 30/60/90-day plan.

Take the AI readiness assessment →or book a free 30-min call →Free · no email until you see your score, or talk to a senior engineer.

The point is that confidentiality is the firm’s obligation under the CPA Code of Professional Conduct, and no vendor setting removes it. What a practice controls is the scope: which files the agent opens, which plan governs the data, and who reviews the numbers before filing. On the business tiers, Anthropic’s privacy commitments keep that data out of model training.

It’s the same secure-adoption logic from the pillar guide on using Claude Cowork securely in your business, applied to a CPA practice, and it sits alongside our broader IT for accounting firms work. The law-firm version of this guide covers the parallel duties for law firms using Cowork.

What does Claude Cowork actually do for an accounting firm?

Claude Cowork completes multi-step financial work rather than answering a single question. Because Claude for Small Business connects natively to QuickBooks, the practical jobs are reconciliation, month-end close prep, first-draft financial statements, organizing tax documents, and cleaning up accounts payable and receivable. Each output is a draft for a CPA to verify, not a filing.

Here’s how those jobs map to the work, with the guardrail that keeps each one safe. Fusion Computing walks firms through this before any pilot, the same way we scope any AI services engagement.

Book a 30-minute call to scope Claude Cowork for your practice safely →

Task What Cowork does The guardrail
QuickBooks reconciliation Matches transactions and flags discrepancies Scope to one client; the accountant reviews
Month-end close prep Reconciles accounts and drafts a plain-English variance summary One client folder, not the whole drive
First-draft financial statements Assembles statements from the trial balance and working papers A CPA reviews and signs; never auto-filed
Tax-document organization Sorts and renames T-slips, receipts, and source documents No SIN or tax data on a personal plan
AP and AR cleanup Deduplicates and categorizes invoices and payments Treated as a draft for review

How do the confidentiality and client-data guardrails work?

According to Anthropic’s deployment guidance, the core guardrail is least privilege: scope Cowork to one client’s working folder, never the whole client drive. Classify what is allowed in (working documents for the active engagement) and what stays out (tax identifiers and client data beyond the scoped folder). Keep a CPA reviewing anything filed. Cowork runs in an isolated virtual machine, but prompts still reach Anthropic, so scope is the control that limits exposure.

The mistake I flag most often is scope. When a firm connects the agent to the entire client drive, a single task can read every client’s books. Scope it to the active engagement and most of the risk disappears.

Field note. A first-person field observation: in the firm pilots I’ve run, the first thing I change is access. I’ve seen a bookkeeper point an agent at a drive that held every client’s working papers. We scoped it to one engagement folder, and the workflow that felt reckless became routine. The work’s identical; the exposure isn’t.

The policy is the other half. A short rule set, the kind we cover in our guide on what belongs in an AI acceptable use policy, names the approved tool, the data that may go in, and who may run it. I pair the policy with a technical review so the scope survives contact with a real busy season.

Ask us to scope your pilot → Fusion Computing pairs that with a cybersecurity review so the practice has a defensible position.

The oversight gap for CPA file documentation and CRA audits

According to Anthropic, Claude Cowork stores its conversation history locally on each user’s computer, outside audit logs, the Compliance API, and data exports. For a CPA firm it matters: file documentation standards and CRA audit trails both assume the firm can reconstruct how a number was reached. Team and Enterprise owners can stream Cowork events to a SIEM through OpenTelemetry, which Anthropic notes does not replace audit logging for compliance.

According to Anthropic’s guidance on using Cowork on Team and Enterprise plans, the local history “is not subject to Anthropic’s standard data retention policies and cannot be centrally managed or exported by admins.”

Field note. When I walk a partner through the oversight gap, I open the local Cowork history on the demo machine and ask who else can see it. Nobody can. I have not yet met a practice whose file-documentation procedure contemplated a transcript that lives on one bookkeeper’s laptop, and that is the record a CRA reviewer will ask about.

“Partners ask me whether Cowork can run the month-end close. It can draft it. The close still belongs to the CPA who signs it, and the practices that hold that line get the speed without the file-review problem.”

Mike Pearlstein, CISSP, CEO, Fusion Computing

That doesn’t rule Cowork out. It means the firm designs its own record of AI-assisted work.

Fusion Computing wires the OpenTelemetry stream into the same monitoring we run for managed detection and response, so a practice sees tool calls and file access even though the transcript stays on the device. If a working paper could support a filing or a CRA query, the firm keeps that record on purpose.

Plan tier and a setup checklist for an accounting firm

The plan tier is the first decision: per Anthropic’s plan lineup, only Team ($25 USD monthly, $20 USD annual, 5-seat minimum) and Enterprise carry the “not trained on by default” commitment a firm needs. A safe rollout: scope to one client folder, keep “ask before acting” on for client books, write a usage policy, turn on OpenTelemetry monitoring, and have a CPA sign off on filings.

Cowork runs on Pro, Max, Team, and Enterprise plans per Anthropic’s release notes, but only the two business tiers fit client work. Here’s the checklist Fusion Computing runs with a firm before the first client file goes near the tool. The steps come from anonymized client data across the 2026 firm pilots; in our practice the plan-tier fix is the first change we make.

Get a CISSP-led review of how AI tools reach your client books →

Why Canadian firms bring this work to Fusion Computing

CISSP-led, a Microsoft Solutions Partner and a CompTIA Managed Services Trustmark holder, securing IT for Canadian SMBs across Toronto, Hamilton, and Metro Vancouver since 2012.

  1. Choose Team or Enterprise. A bookkeeper running client books on a personal account is the first risk to fix.
  2. Scope to one client folder. Never the whole client drive or every company file. Widen only with a reason.
  3. Default to “ask before acting.” Cowork always asks before deleting files; keep approvals on for client data.
  4. Write an acceptable use policy. Name the approved tool, the data that may go in, and who may run it.
  5. Turn on OpenTelemetry monitoring. It’s the only visibility you have into what the agent did.
  6. Keep a CPA signing off. Nothing filed, from statements to returns, ships without review.
  7. Map the terms to your duties. Check Anthropic’s data handling against CPA confidentiality and CRA record-keeping before go-live.

None of it’s exotic, and most of it takes an afternoon.

Fusion Computing sets it up as part of the managed IT work we already do for firms, and the same pattern carries to wealth management firms and healthcare clinics under their own regulators. If you want a second set of eyes before your firm pilots Cowork, talk to us or read more about how we work. The review is CISSP-led at a Microsoft Solutions Partner, the same team that has secured Canadian practices since 2012.

Claude Cowork is worth adopting for the reconciliation and document work that fills a practice. The firms that set the plan, the scope, and the policy first are the ones that’ll use it calmly through busy season while their competitors are still arguing about whether it’s allowed.

Fusion Computing helps Canadian businesses across Toronto and the GTA, Hamilton, and Metro Vancouver with managed IT, cybersecurity, and Microsoft 365.

Frequently Asked Questions

Is Claude Cowork safe for client books?

Claude Cowork can be safe for client books on a Team or Enterprise plan, with access scoped to one client folder and a CPA reviewing the output. The work runs locally and, on the business plans, is not used to train Anthropic’s models by default. Confidentiality stays the firm’s duty, so the controls around the tool are what make it safe.

Can Claude Cowork use my QuickBooks?

Yes. Claude for Small Business, which ships inside Cowork, connects natively to Intuit QuickBooks along with tools like PayPal and Microsoft 365. For a firm that means reconciliation and month-end prep can run against the live books. Scope the connection to one client and keep an accountant reviewing the result before it informs a filing.

Does Claude Cowork breach CPA confidentiality?

Using Claude Cowork does not breach CPA confidentiality by itself. The risk comes from careless setup. Confidentiality depends on controlling client information, so a firm should run Cowork on a business plan, scope it to one client folder, keep tax identifiers out of unscoped folders, and review anything before filing. The duty sits with the firm, not the tool.

What plan does an accounting firm need for Claude Cowork?

An accounting firm should use the Team or Enterprise plan, not a personal Pro or Max account. Only the business tiers carry Anthropic’s commitment not to train on your content by default, plus the owner and admin controls a firm needs. A bookkeeper running client books on a personal account is the first risk to remediate.

Want an AI use policy that fits your CPA and CRA duties? →

Is client tax data used to train the model?

On Team and Enterprise plans, your content is not used to train Anthropic’s models by default, so client tax data processed under a business plan stays out of training. Personal Pro and Max plans follow individual privacy settings, which differ from the business default. For a CPA firm, that difference is the reason to standardise on a business plan.

How is Claude Cowork different from Intuit Assist or accounting AI?

Intuit Assist and similar tools are built into specific accounting platforms. Claude Cowork is a general agent that works across your own files and apps on the desktop, and it can connect to QuickBooks through Claude for Small Business. For a firm, the practical differences are where the data lives, the admin and audit controls, and how broadly the agent can reach.

Does Claude Cowork work on Windows or only Mac?

Claude Cowork works on both macOS and Windows through the Claude desktop app, and it reached general availability on both on April 9, 2026. It is not available on the web or on mobile. Some capabilities, such as computer use, arrived first as research previews, so confirm the current feature list for your platform inside the app.

Who at the firm should run Claude Cowork?

Start with a small group who understand the engagement and the confidentiality duty, not the whole firm at once. Cowork is an organization-wide setting that owners can switch on or off, and granular per-user controls are limited, so a deliberate pilot with named users beats a broad rollout. Pair it with training and a written policy before wider use.

Talk to Fusion

Tell us your biggest headache across IT, security, or AI. We’ll let you know if we’re a fit.Get in Touch

Fusion Computing has provided managed IT, cybersecurity, and AI consulting to Canadian businesses since 2012. Led by a CISSP-certified team, Fusion supports organizations with 10 to 150 employees from Toronto, Hamilton, and Metro Vancouver.

93% of issues resolved on the first call. Named one of Canada’s 50 Best Managed IT Companies two years running.

100 King Street West, Suite 5700
Toronto, ON M5X 1C7
(416) 566-2845
1 888 541 1611